My Not-So-Epic Post


As you know, when I return to writing after a long absence, I always like to explain where I’ve been. However, I planned this very prolific return post that I had titled: “Three Hacks, Multiple Vulnerabilities and a Brush with Death & Retirement.” That was more than two months ago. It obviously never happened and this post is not so prolific. But hey, it’s here! These days, that’s all I can ask for.

Three Hacks

It all started shortly after the numerous deaths I encountered and wrote the post about Getting My Head Back in the Game. Two brutal hacks on client websites. The first was restored quickly from a backup and the client didn’t even know the site had been hacked.

The second was quickly restored but this time I saved all the files which led to a very interesting discovery for which I promised Tripwire a write-up. (Yes, they’re still waiting too!) The site was hacked by the Syrian Electronic Army and what we found inside the hack files was nothing more than enlightening. But more will follow on that when I write the Tripwire post.

The third hack was on my own granddaughter’s computer. To be exact, her video camera. And that too will be a separate post shortly. But it’s a lesson all parents and kids need to listen to. It can happen to anyone!

Multiple Vulnerabilities

From the hacks and ensuing reports, dissecting of the code and so on, WordPress updated with a security release. (While they have subsequently updated two more times since then, the one I’m speaking about goes back several months.)

So immediately from the hacks, I went into damage control mode and started updating all my clients.

And that was only the beginning of the multiple vulnerabilities that started hitting.

I always tell my students that the old adage, “Those who can, do. Those who can’t, teach.” doesn’t apply to me. Because unlike others, I do and teach and my students benefit from that experience.

So, between the mad updates and upgrades, I was also teaching.

A Brush with Death

Sorry if that sounds a bit overdramatic but it actually is pretty close to being true. I became very, very ill. I mean to the point that I was in bed for nearly a month and limited work hours for several months thereafter.

What started as a kidney stone ended up with some kind of blood infection (sepsis) and they never did trace back the source. However, before they were able to find an infection, I was tested for leukemia.

Many of you know that I had a disabling auto accident in 1988 that I’ve miraculously recovered from. And to be honest, for the first time since that accident, I did think I was going to die. That’s how serious it was.

But there were several good things that came out of that experience. I discovered the following:

  1. The need to hire and train staff for times when I’m away or unable to fulfill my job duties.
  2. The difference between good clients and bad clients.
  3. Making sure I have a business continuity plan in place and someone knows what it is.

I’ve started the hiring but the training is behind schedule.

I’ve fired the bad clients.

I have a business continuity plan started and someone knows what it is. It just needs to be completed in terms of documentation.

A Brush with Retirement or The Hits Just Keep on Coming!

If you haven’t been aware, security professionals are dropping like flies. The reasons why are as vast as the vulnerabilities we encounter.

Many security pros are fed up and tired of what seems to be “fighting a losing battle.” The hits just keep on coming. It’s almost impossible sometimes to keep up and keep ahead of the bad guys.

We get tired of hearing the same old story, “It’s not going to happen to me.” Or, “I don’t have anything a hacker would want.” And better still, “My website is so small why would a hacker want to hack my site?” And then when it happens, all of a sudden they’re paying attention.

And the hacks on credit card processors and banks that have flooded the news lately from Home Depot to Chase Bank and others have many of us just shaking our heads because we warned – or rather – tried to warn people. And no one was listening.

So getting fed up and suffering from burnout is a huge hazard in our industry. And I was not immune to that.

With the three hacks I mentioned early on in this post, I became disillusioned with our entire process of false protection and governmental agencies that are there to supposedly protect us. I learned the truth about law enforcement, privacy and vulnerability agencies, and what laws there are governing technology really do and who they really protect. And to be quite frank, I was ready to retire.

What I learned during this trying period in my life with regards to the truth about the security field will be the subject of subsequent posts.

So there you have my non-prolific, non-epic post for my return to writing and tending to this blog. All I can say is stay tuned…


